Java Servlet/JSP: 检查角色在数据库中是否为 NULL 或 admin
Java Servlet/JSP: Checking whether role is NULL or admin in Database
我创建了以下函数,它应该检查我的数据库中的“role”列是否包含管理员或者是 Null(这意味着它是普通用户)。我尝试在我的 Servlet class 中测试它,如下面的代码所示,但它 将我重定向 到 USER JSP每次翻页。我的 checkRole() 方法有错误吗?提前谢谢你。
checkRole()方法
public static boolean checkRole() {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE role=?;");
pst.setString(1, role);
rs = pst.executeQuery();
while (rs.next()) {
if (rs.getString("role").equals("admin") {
find = true;
} else {find = false;}
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
SERVLET代码
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//checks whether user credentials are right and if it is admin
if(User.validate(email,pass1) && User.checkRole()){
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/Admin.jsp");
}
//checks whether user credentials are right and if it is a regular user
else if (User.validate(email, pass1) && !User.checkRole()) {
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/RegularUser.jsp");
}
else {
//show some error message
}
}
在 checkRole() 方法中,您需要在找到管理员后跳出 while 循环,否则您的 "find" 布尔值可能会在下一次迭代时再次设置为 false。
更改您的 checkRole 方法,例如
public static boolean checkRole(String email) {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
if(rs.next()) {
find = true;
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
然后在您的 servlet 代码中写下 if 条件,如
if(User.validate(email,pass1) && User.checkRole(email))
如果您的用户 table 中有超过 1 个具有不同角色的用户,您的 checkRole() 方法将始终评估为真。因为您要选择字段角色属于特定类型的所有行。如果您的用户中存在特定角色类型 table,它将始终为真...
就像其他答案已经提到的那样,您需要传递一个唯一标识符。查询还应该如何知道您正在检查哪个用户的角色?在大多数应用程序中,这是通过 user_id/id 字段完成的,但是由于您在这里只有电子邮件,所以您也可以使用它。我会做这样的事情:
public static boolean isAdmin(String email) {
boolean check = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
check = rs.next(); // if the resultSet has results, then check will evaluate to true
} catch (SQLException e) {
e.printStackTrace();
}
return check;
}
然后对于您的 servlet:
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//first check if valid login details (seperate it out so you can be more specific in the error you give back, and you don't have to repeat yourself)
if(User.validate(email,pass1)){
// s.invalidate(); //this isn't really necessary here, normally you invalidate the session variables when the user logs out. If a different user logs in (whilst one is already logged in), then any session variables you have set would override it.
String url = "/RegularUser.jsp";
String role = "regular";
//now check if user is admin
if(User.isAdmin(email)){
url = "/Admin.jsp"
role = "admin";
}
//set your session variables
//s.setAttribute("user_email", email);
//s.setAttribute("user_role", role);
forwardTo(ctx, request, response, url);
}else{
//wrong login details - set values back in form
request.setAttribute("email",email);
request.setAttribute("pass", pass1);
forwardTo(ctx, request, response, "/Login.jsp");
}
}
我创建了以下函数,它应该检查我的数据库中的“role”列是否包含管理员或者是 Null(这意味着它是普通用户)。我尝试在我的 Servlet class 中测试它,如下面的代码所示,但它 将我重定向 到 USER JSP每次翻页。我的 checkRole() 方法有错误吗?提前谢谢你。
checkRole()方法
public static boolean checkRole() {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE role=?;");
pst.setString(1, role);
rs = pst.executeQuery();
while (rs.next()) {
if (rs.getString("role").equals("admin") {
find = true;
} else {find = false;}
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
SERVLET代码
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//checks whether user credentials are right and if it is admin
if(User.validate(email,pass1) && User.checkRole()){
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/Admin.jsp");
}
//checks whether user credentials are right and if it is a regular user
else if (User.validate(email, pass1) && !User.checkRole()) {
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/RegularUser.jsp");
}
else {
//show some error message
}
}
在 checkRole() 方法中,您需要在找到管理员后跳出 while 循环,否则您的 "find" 布尔值可能会在下一次迭代时再次设置为 false。
更改您的 checkRole 方法,例如
public static boolean checkRole(String email) {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
if(rs.next()) {
find = true;
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
然后在您的 servlet 代码中写下 if 条件,如
if(User.validate(email,pass1) && User.checkRole(email))
如果您的用户 table 中有超过 1 个具有不同角色的用户,您的 checkRole() 方法将始终评估为真。因为您要选择字段角色属于特定类型的所有行。如果您的用户中存在特定角色类型 table,它将始终为真...
就像其他答案已经提到的那样,您需要传递一个唯一标识符。查询还应该如何知道您正在检查哪个用户的角色?在大多数应用程序中,这是通过 user_id/id 字段完成的,但是由于您在这里只有电子邮件,所以您也可以使用它。我会做这样的事情:
public static boolean isAdmin(String email) {
boolean check = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
check = rs.next(); // if the resultSet has results, then check will evaluate to true
} catch (SQLException e) {
e.printStackTrace();
}
return check;
}
然后对于您的 servlet:
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//first check if valid login details (seperate it out so you can be more specific in the error you give back, and you don't have to repeat yourself)
if(User.validate(email,pass1)){
// s.invalidate(); //this isn't really necessary here, normally you invalidate the session variables when the user logs out. If a different user logs in (whilst one is already logged in), then any session variables you have set would override it.
String url = "/RegularUser.jsp";
String role = "regular";
//now check if user is admin
if(User.isAdmin(email)){
url = "/Admin.jsp"
role = "admin";
}
//set your session variables
//s.setAttribute("user_email", email);
//s.setAttribute("user_role", role);
forwardTo(ctx, request, response, url);
}else{
//wrong login details - set values back in form
request.setAttribute("email",email);
request.setAttribute("pass", pass1);
forwardTo(ctx, request, response, "/Login.jsp");
}
}